docker-mailserver/docs/content/config/debugging.md

7.8 KiB

title hide
Debugging
toc

This page contains valuable information when it comes to resolving issues you encounter.

!!! info "Contributions Welcome!"

Please consider contributing solutions to the [FAQ][docs-faq] :heart:

Preliminary Checks

  • Check that all published DMS ports are actually open and not blocked by your ISP / hosting provider.
  • SSL errors are likely the result of a wrong setup on the user side and not caused by DMS itself.

Mail sent from DMS does not arrive at destination

Some service providers block outbound traffic on port 25. Common hosting providers known to have this issue:

These links may advise how the provider can unblock the port through additional services offered, or via a support ticket request.

Steps for Debugging DMS

  1. Increase log verbosity: Very helpful for troubleshooting problems during container startup. Set the environment variable LOG_LEVEL to debug or trace.
  2. Use error logs as a search query: Try finding an existing issue or search engine result from any errors in your container log output. Often you'll find answers or more insights. If you still need to open an issue, sharing links from your search may help us assist you. The mail server log can be acquired by running docker log <CONTAINER NAME> (or docker logs -f <CONTAINER NAME> if you want to follow the log).
  3. Inspect the logs of the service that is failing: We provide a dedicated paragraph on this topic further down below.
  4. Understand the basics of mail servers: Especially for beginners, make sure you read our Introduction and Usage articles.
  5. Search the whole FAQ: Our FAQ contains answers for common problems. Make sure you go through the list.
  6. Reduce the scope: Ensure that you can run a basic setup of DMS first. Then incrementally restore parts of your original configuration until the problem is reproduced again. If you're new to DMS, it is common to find the cause is misunderstanding how to configure a minimal setup.

Debug a running container

General

To get a shell inside the container run: docker exec -it <CONTAINER NAME> bash. To install additional software, run:

  1. apt-get update to update repository metadata.
  2. apt-get install <PACKAGE> to install a package, e.g., apt-get install neovim if you want to use NeoVim instead of nano (which is shipped by default).

Logs

If you need more flexibility than what the docker logs command offers, then the most useful locations to get relevant DMS logs within the container are:

  • /var/log/mail/<SERVICE>.log
  • /var/log/supervisor/<SERVICE>.log

You may use nano (a text editor) to edit files, while less (a file viewer) and tail/cat are useful tools to inspect the contents of logs.

Compatibility

It's possible that the issue you're experiencing is due to a compatibility conflict.

This could be from outdated software, or running a system that isn't able to provide you newer software and kernels. You may want to verify if you can reproduce the issue on a system that is not affected by these concerns.

Network

  • Misconfigured network connections can cause the client IP address to be proxied through a docker network gateway IP, or a service that acts on behalf of connecting clients for logins where the connections client IP appears to be only from that service (eg: Container IP) instead. This can relay the wrong information to other services (eg: monitoring like Fail2Ban, SPF verification) causing unexpected failures.
  • userland-proxy: Prior to Docker v23, changing the userland-proxy setting did not reliably remove NAT rules.
  • UFW / firewalld: Some users expect only their firewall frontend to manage the firewall rules, but these will be bypassed when Docker publishes a container port (as there is no integration between the two).
  • iptables / nftables:
  • IPv6:
    • Requires additional configuration to prevent or properly support IPv6 connections (eg: Preserving the Client IP).
    • Support in 2023 is still considered experimental. You are advised to use at least Docker Engine v23 (2023Q1).
    • Various networking bug fixes have been addressed since the initial IPv6 support arrived in Docker Engine v20.10.0 (2020Q4).

System

  • macOS: DMS has limited support for macOS. Often an issue encountered is due to permissions related to the volumes config in compose.yaml. You may have luck trying gRPC FUSE as the file sharing implementation; VirtioFS is the successor but presently appears incompatible with DMS.
  • Kernel: Some systems provide kernels with modifications (replacing defaults and backporting patches) to support running legacy software or kernels, complicating compatibility. This can be commonly experienced with products like NAS.
  • CGroups v2: Hosts running older kernels (prior to 5.2) and systemd (prior to v244) are not likely to leverage cgroup v2, or have not defaulted to the cgroup v2 unified hierarchy. Not meeting this baseline may influence the behaviour of your DMS container, even with the latest Docker Engine installed.
  • Container runtime: Docker and Podman for example have subtle differences. DMS docs are primarily focused on Docker, but we try to document known issues where relevant.
  • Rootless containers: Introduces additional differences in behaviour or requirements:
    • cgroup v2 is required for supporting rootless containers.
    • Differences such as for container networking which may further affect support for IPv6 and preserving the client IP (Remote address). Example with Docker rootless are binding a port to a specific interface and the choice of port forwarding driver.